Warning! Critical Samba Flaw Allows RCE at Root Level

A freshly discovered vulnerability in the Samba platform could allow threat actors root access and remote code execution.

Samba is a software suite that allows devices running different operating systems to share files and print tasks and to work together on a shared network. The platform supports various Windows clients, Linux and Unix devices, and MS Active Directory.

Situation: Critical

The security flaw discovered in Samba has been designated as CVE-2021-44142 and received a "critical" severity rating with a severity score of 9.9 out of 10. The bug was discovered by a researcher with DEVCORE.

The bug is an out-of-bounds read/write issue in Samba's vfs_fruit module. All versions of Samba before 4.13.17 are affected by the bug, and it also affects Red Hat and Ubuntu.

The vfs_fruit module is only susceptible to exploitation if it is using its default configuration, Samba clarified. In addition, the potential bad actor needs write access to a file's extended attributes to exploit the bug. However, Samba further explained that this level of access could be given to a guest account or an unauthenticated user if the system has been configured in such a way, so this is not a great comfort when it comes to security.

Solutions and Mitigation

Anyone running Samba has a couple of options when it comes to fixing the problem with CVE-2021-44142. The first and most obvious solution is patching to the latest available version of Samba. The other option is to simply remove the vfs_fruit module in Samba's configuration files. Removing vfs_fruit from smb.conf will protect a system from the exploit.
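To see which shares the second option applies to, the configuration can be audited for shares that still load vfs_fruit. The following is an added example, not code from Samba or from the original article; the sample configuration, share names and function names are constructed for illustration. It resolves the effective `vfs objects` setting per share and reports whether guest access is enabled there as well.

```python
import re
# Constructed sample smb.conf for illustration (not from the article).
SAMPLE_CONF = """\
[global]
    vfs objects = catia fruit streams_xattr
[timemachine]
    path = /srv/tm
    guest ok = yes
[archive]
    path = /srv/archive
    vfs objects = acl_xattr
; fruit re-enabled for this share only
[media]
    path = /srv/media
    VFS Objects = fruit \\
        streams_xattr
"""

ALIASES = {"vfsobject": "vfsobjects", "public": "guestok"}  # smb.conf synonyms

def _norm(name):  # parameter names ignore case and embedded whitespace
    key = re.sub(r"\s+", "", name).lower()
    return ALIASES.get(key, key)

def parse_smb_conf(text):
    """Return {section: {normalized_param: value}} for smb.conf text."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join backslash-continued lines
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[_norm(key)] = value.strip()
    return sections

def shares_loading_fruit(text):
    """List (share, guest_ok) for shares whose effective 'vfs objects' has fruit."""
    conf = parse_smb_conf(text)
    glob, hits = conf.get("global", {}), []
    for name, params in conf.items():
        eff = {**glob, **params}  # a share-level setting replaces the global one
        modules = re.split(r"[,\s]+", eff.get("vfsobjects", "").lower())
        if name != "global" and "fruit" in modules:
            hits.append((name, eff.get("guestok", "no").lower() in ("yes", "true", "1")))
    return hits
```

Pass `shares_loading_fruit` the text of your own smb.conf; every share it returns still loads the module, and those flagged with guest access deserve attention first.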

This is the second critical severity bug affecting a significant number of systems that has been disclosed in the past few months. While Samba's vfs_fruit vulnerability is not as widespread as Log4j when it comes to the sheer number of systems running the affected software, Samba is still a widely used solution, so the flaw will affect a very high number of systems, and the severity of the issue should not be underestimated.

The additional conditions that must be present for the exploit to work are not much of a consolation, as explained by Samba, and patches should be deployed quickly. However, with the sheer number of devices that run the software, security experts are warning that some devices may still be left forgotten and unpatched.